CVE-2014-8545

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-8545

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-8545.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2014-8545

Downstream

DEBIAN-CVE-2014-8545

Related

MGASA-2014-0464
MGASA-2014-0491

Published

2014-11-05T11:55:08Z

Modified

2025-08-09T20:01:28Z

Summary

[none]

Details

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.

References

https://security.gentoo.org/glsa/201603-06
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
http://www.ffmpeg.org/security.html

CVE-2014-8545

Affected packages